CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,468 vulnerabilities with CWE-79
CVE-2024-2166
HIGH
Forcepoint Email Security <8.5.5 HF003 - XSS
CVSS 8.8
CVE-2024-45399
MEDIUM
Indico < 3.3.4 - Cross-Site Scripting via Account Creation Next URL Parameter
CVSS 4.3
CVE-2024-45177
MEDIUM
za-internet C-MOR Video Surveillance <6.00PL01 - XSS
CVSS 5.4
CVE-2024-44818
MEDIUM
zzcms < 2023 - Cross-Site Scripting via HTTP_Referer Header in caina.php
CVSS 5.4
CVE-2024-8411
LOW
ABCD ABCD2 <= 2.2.0-beta-1 - Cross-Site Scripting via Sub_Expresion Argument
CVSS 3.5
CVE-2024-7077
MEDIUM
Semtek Sempos <= 31072024 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-44820
MEDIUM
ZZCMS < 2023 - Sensitive Information Disclosure via eginfo.php phome Parameter
CVSS 6.1
CVE-2024-44819
MEDIUM
ZZCMS < 2023 - Cross-Site Scripting via pagename Parameter in admin/del.php
CVSS 6.1
CVE-2024-8407
LOW
alwindoss akademy - Cross-Site Scripting via emailAddress Parameter
CVSS 3.5
CVE-2024-8413
MEDIUM
raspcontrol - Cross-Site Scripting via Action Parameter in index.php
CVSS 5.4
CVE-2024-8318
MEDIUM
Attributes for Blocks <= 1.0.6 - Authenticated Stored Cross-Site Scripting via attributesForBlocks Parameter
CVSS 6.4
CVE-2024-8119
MEDIUM
WP Extended <= 3.0.8 - Unauthenticated Reflected XSS via Page Parameter
CVSS 6.1
CVE-2024-8117
MEDIUM
The Ultimate WordPress Toolkit - WP Extended <= 3.0.8 - Reflected Cross-Site Scripting via selected_option Parameter
CVSS 6.1
CVE-2024-8325
MEDIUM
Blockspare: Gutenberg Blocks & Patterns - XSS
CVSS 6.4
CVE-2024-6889
MEDIUM
Secure Copy Content Protection and Content Locking < 4.1.7 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-6888
MEDIUM
Secure Copy Content Protection and Content Locking < 4.1.7 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-6722
MEDIUM
Chatbot Support AI < 1.0.2 - Authenticated Stored XSS in Plugin Settings
CVSS 4.8
CVE-2024-6020
MEDIUM
Sign-up Sheets < 2.2.13 - Reflected Cross-Site Scripting via REQUEST_URI Parameter
CVSS 6.1
CVE-2024-45389
MEDIUM
Pagefind < 1.1.1 - Cross-Site Scripting via document.currentScript.src Clobbering
CVSS 6.4
CVE-2024-45180
MEDIUM
SquaredUp DS for SCOM 6.2.1.11104 - XSS
CVSS 5.4
CVE-2024-43413
LOW
Xibo < 4.1.0 - Authenticated Stored Cross-Site Scripting via DataSet HTML Column
CVSS 3.5
CVE-2024-42904
MEDIUM
syspass 3.2.0-3.2.10 - Cross-Site Scripting via Client Name Parameter
CVSS 6.1
CVE-2024-42901
MEDIUM
Lime Survey <6.5.12 - Code Injection
CVSS 4.8
CVE-2024-43412
MEDIUM
Xibo < 4.1.0 - Authenticated Stored Cross-Site Scripting via File Preview Function
CVSS 4.6
CVE-2024-7654
HIGH
Progress OpenEdge < 11.7.19 and 12.2-12.2.14 - Unauthenticated Content Injection via ActiveMQ Discovery Service
CVSS 8.3
Details
Vulnerabilities
45,468
Exploit Likelihood
High